DemoTechnology & SaaS
Browse pages (14)
HomeServicesSolutionsCase StudiesNorthBank — fintech platform rebuildTechnologiesProcessPricingSecurityAboutCareersBlogQ1 2026 — what shippedContact
Browse other templates
Buy this theme →
Technology & SaaS demo

Security you can audit, not just trust.

SOC 2 Type II + ISO 27001 audited annually. Sub-processor list public. Pen-test summary on request. We treat security as a product line, not a checkbox.

Posture, not promises

0

Customer-impacting breaches

Since founding (2018)

0 min

Mean time to detect

Across managed deployments, 2025

0.97%

Patched within 7 days

Critical CVEs in our stack

0 hrs

Response window

For verified vulnerability reports

Compliance + certifications

We hold the certifications that enterprise procurement actually asks for. Reports available under NDA.

Audited annually

SOC 2 Type II

Audited annually by an AICPA-accredited firm. Continuous controls monitoring via Vanta. Report under MNDA.

Request the report

ISO 27001

Certified, scope covers our delivery + internal infra.

GDPR + UK GDPR

DPA available, EU + UK SCCs, Frankfurt + Dublin data residency.

Available

HIPAA-ready

BAA available for healthcare engagements. Encryption at rest + in transit; audit logs retained 7 years.

PCI-aware

We don't store cardholder data; we integrate with Stripe + Adyen + tokenisation pipelines.

Sub-processor transparency

Public sub-processor list. 30-day notice on additions. No surprises.

View list

The boring security work, done well.

Encryption everywhere

TLS 1.3 in transit, AES-256-GCM at rest, KMS-managed keys, automated rotation.

Zero standing access

Engineers request just-in-time, time-bound prod access via PR-approved IAM. All sessions logged + reviewed weekly.

Signed commits + SBOM

Sigstore signing on every release. SBOMs published per artefact. Dependabot + Snyk gating CI.

24/7 paging

PagerDuty rotation. P1 acknowledged within 5 minutes. Post-mortems within 5 business days, shared with affected customers.

Pen-tests + bug bounty

Annual third-party pen-test. HackerOne bug bounty program live since 2022; we've paid out 47 reports.

Background checks

Every employee + contractor with prod access goes through a background check + signs a confidentiality agreement before day one.

What enterprise procurement asks us.

DPA, sub-processor list, SOC 2, pen-test summary.

Drop us a note and we'll send the security pack within one business day. MNDA where required.

Request security pack